
To those asking for help: with computer viruses, prevention comes first. A typical textbook case and its removal

Members, please put a little thought into maintaining your own computers...

mopery: "If you just spend a little time now and then giving your beloved computer a bit of maintenance, you can prevent most viruses. On the other hand, if you don't maintain it properly, your computer will end up like the OP's, or even worse.
The KaKa virus section sees people coming and going every day, and some of them are regulars. If you were willing to put in a little thought, you could probably visit KaKa N times less."

I originally wanted to ask the OP to post an SREng log, but the OP has already treated the computer... An SREng log can reveal more than this.

Acknowledgements:
1. Moderator baohe, for the Luoxue (落雪) trojan removal method
2. yanmings, who discovered the thread and proposed the new title

Reminder:
Posting logs in this thread is strictly forbidden... No spamming... Violators will be dealt with severely...

                                                  by:mopery
                                                     轩辕小聪
                               
Original title: My computer is infected with a lot of Backdoor.Gpigeon.2006.zb. What do I do? Help! Thank you!

There are as many as seven of them. Can anyone help me? I kill them, but they are back after a reboot. What do I do?

Logfile of HijackThis v1.99.1
Scan saved at 22:57:43, on 2006-9-5
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\WINDOWS\system32\conime.exe
C:\Mysql\bin\mysqld-max.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Rising\Rav\RavTask.exe
C:\WINDOWS\system32\intenat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rising\Rav\Rav.exe
C:\Program Files\Rising\Rav\RsAgent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\svhost32.exe
C:\DOCUME~1\user\LOCALS~1\Temp\65492.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\user\LOCALS~1\Temp\Rar$EX54.125\HijackThis.exe

R3 - URLSearchHook: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
R3 - URLSearchHook: (no name) - {51707E60-11C0-44FB-BAC8-83EB0C93651C} - C:\WINDOWS\system32\Feve.dll (file missing)
R3 - URLSearchHook: Tencent SearchHook - {DB8B2393-7A6C-4C76-88CE-6B1F6FF6FFE9} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O1 - Hosts: 61.188.38.64 www.gamezt.com.cn
O1 - Hosts: 61.188.38.64 meng.nicemm.cn
O1 - Hosts: 61.188.38.64 upd.etsoft.com.cn
O1 - Hosts: 61.188.38.64 www.essonarts.com
O1 - Hosts: 61.188.38.64 ert0003.e76.163ns.com
O1 - Hosts: 61.188.38.64 sky001.e11.163ns.com
O1 - Hosts: 61.188.38.64 woool.100888290cs.com
O1 - Hosts: 61.188.38.64 rxjh.100888290cs.com
O1 - Hosts: 61.188.38.64 www.yowoool.com
O1 - Hosts: 61.188.38.64 13511.com
O1 - Hosts: 61.188.38.64 www.13511.com
O1 - Hosts: 61.188.38.64 ywg.cn
O1 - Hosts: 61.188.38.64 www.hyap98.com
O2 - BHO: (no name) - _{0005A87D-D626-4B3A-84F9-1D9571695F55} - (no file)
O2 - BHO: 搜索助手 - _{04844102-FC0B-4f44-9E93-0C4293BB5E80} - (no file)
O2 - BHO: (no name) - _{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: yPhtb - _{33BBE430-0E42-4f12-B075-8D21ACB10DCB} - (no file)
O2 - BHO: (no name) - _{35980F6E-A137-4E50-953D-813BB8556899} - (no file)
O2 - BHO: Anti Fish - _{38928D50-8A48-44C2-945F-D2F23F771410} - (no file)
O2 - BHO: YDragSearch - _{62EED7C6-9F02-42f9-B634-98E2899E147B} - (no file)
O2 - BHO: (no name) - _{669751ED-D558-49AE-B01A-3B374CC7910E} - (no file)
O2 - BHO: stdup - _{6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O2 - BHO: (no name) - _{9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - _{A9930D97-9CF0-42A0-A10D-4F28836579D5} - (no file)
O2 - BHO: (no name) - _{F5824EFB-728A-4726-A5A5-85A68B20EDC3} - (no file)
O2 - BHO: 搜搜地址栏搜索 - {0C7C23EF-A848-485B-873C-0ED954731014} - C:\Program Files\TENCENT\Adplus\SSAddr.dll
O2 - BHO: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: (no name) - {51707E60-11C0-44FB-BAC8-83EB0C93651C} - C:\WINDOWS\system32\Feve.dll (file missing)
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O2 - BHO: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O2 - BHO: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - C:\WINDOWS\SYSTEM32\stdup.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O3 - Toolbar: 雅虎助手 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Corel Reminder] rem
O4 - HKLM\..\Run: [RavTask] "C:\Program Files\Rising\Rav\RavTask.exe" -system
O4 - HKLM\..\Run: [dl_accel] rem C:\Program Files\3721\Dlaccel\YDownloader.exe
O4 - HKLM\..\Run: [thunder_mini] rem C:\Program Files\Thunder Network\ThunderMini\ThunderMini.exe
O4 - HKLM\..\Run: [TkBellExe] rem "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [HupooShell] rem "C:\DOCUME~1\user\LOCALS~1\Temp\HupShell.exe "
O4 - HKLM\..\Run: [ToP] rem C:\WINDOWS\LSASS.exe
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [yassistse] rem "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [WangWang] rem "C:\Program Files\淘宝网\淘宝旺旺\WangWang.EXE"
O4 - HKLM\..\Run: [runnn] rem C:\WINDOWS\system32\xskjab.exe
O4 - HKLM\..\Run: [runn] rem C:\WINDOWS\system32\xskjad.exe
O4 - HKLM\..\Run: [RfwMain] "C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup
O4 - HKLM\..\Run: [RavTimer] C:\PROGRA~1\RISING\RAV\RAVTIMER.EXE
O4 - HKLM\..\Run: [RavMon] C:\PROGRA~1\RISING\RAV\RAVMON.EXE -SYSTEM
O4 - HKLM\..\Run: [Net] rem C:\WINDOWS\system32\SVCH0ST.EXE
O4 - HKLM\..\Run: [MSSER] rem C:\WINDOWS\system32\appmgmt\msser.exe
O4 - HKLM\..\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKLM\..\Run: [] C:\WINDOWS\system32\intenat.exe
O4 - HKLM\..\Run: [wdfmgr32] C:\WINDOWS\system32\wdfmgr32.exe
O4 - HKLM\..\Run: [Tray] C:\WINDOWS\command\rundll32.exe
O4 - HKLM\..\RunServices: [Torjan Program] C:\WINDOWS\WINLOGON.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: !搜一搜(&S) - res://C:\Program Files\yisou\yisou.dll/232
Last edited 2006-09-11 22:33:24

And there is more:

O8 - Extra context menu item: &使用下载加速专家下载 - C:\Program Files\3721\Dlaccel\geturl.htm
O8 - Extra context menu item: &使用迷你迅雷下载 - C:\Program Files\Thunder Network\ThunderMini\geturl.htm
O8 - Extra context menu item: >>彩信发送<< - res://C:\PROGRA~1\MMSASS~1\mmsass~1.dll/mms.htm
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O8 - Extra context menu item: 访问通用网址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: Yahoo 3.5G电邮 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 寻宝乐趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra 'Tools' menuitem: 中文上网 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra 'Tools' menuitem: 彩E精灵设置 - {6671A433-5C3D-463d-A7CF-5587F9B7E191} - C:\PROGRA~1\MMSASS~1\mmsass~1.dll
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修复浏览器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上网记录 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [!CNS]  中文上网
O11 - Options group: [CDNCLIENT]  中文上网
O11 - Options group: [TBH] 搜搜地址栏搜索
O16 - DPF: _{05C1004E-2596-48E5-8E26-39362985EEB9} - http://p3p.sogou.com/MMCShell.cab
O16 - DPF: _{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - https://www.sz1.cmbchina.com/download/CMBEdit.cab
O16 - DPF: _{39044F32-421E-4CE0-A595-EF66D42C363C} - http://hot1.vdown.21cn.com/rmdownload/drm/data3/eyejoy/21cnPptv.cab
O16 - DPF: _{488A4255-3236-44B3-8F27-FA1AECAA8844} - https://img.alipay.com/download/1007/aliedit.cab
O16 - DPF: _{6414512B-B978-451D-A0D8-FCFDF33E833C} - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121909430468
O16 - DPF: _{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1121910343468
O16 - DPF: _{88734439-46D0-42C0-A13F-7E881EE550CF} - http://www.bluesky.cn/download/filetran.cab
O16 - DPF: _{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: _{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: _{D57A1919-CB3C-461C-8F34-A87A1CD9127E} - http://www.9158.com/launcher/99launch_1000.cab
O16 - DPF: _{F138084D-84D7-48CD-BEA8-04772457516E} - http://218.85.138.27/vqqsdl1009.cab
O16 - DPF: _{F2EB8999-766E-4BF6-AAAD-188D398C0D0B} - http://www4.cmbchina.com/download/pb45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8AB00110-D2F1-490B-9E47-1335235A1832}: NameServer = 202.96.134.133,210.21.196.8
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: webwork - {4C611512-2C1D-44b2-A044-872AD2AD5A61} - C:\WINDOWS\webwork\webwork.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Messenger - Unknown owner - C:\WINDOWS\system32\AUTOEXEC.BAT (file missing)
O23 - Service: Microsoft Winsock5 Service - Unknown owner - C:\WINDOWS\Microsoft Winsock5.exe
O23 - Service: MySql - Unknown owner - C:/Mysql/bin/mysqld-max.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Rising Proxy  Service (RfwProxySrv) - Beijing Rising Technology Co., Ltd. - c:\program files\rising\rfw\rfwproxy.exe
O23 - Service: Rising Personal Firewall Service (RfwService) - Unknown owner - c:\program files\rising\rfw\rfwsrv.exe
O23 - Service: Rising Process Communication Center (RsCCenter) - Beijing Rising Technology Co., Ltd. - C:\PROGRAM FILES\RISING\RAV\CCENTER.EXE
O23 - Service: RsRavMon Service (RsRavMon) - Beijing Rising Technology Co., Ltd. - C:\Program Files\Rising\Rav\Ravmond.exe
O23 - Service: Task Scheduler (Schedule) - Unknown owner - C:\WINDOWS\system32\发信息.exe (file missing)
O23 - Service: sys - Unknown owner - C:\WINDOWS\988510
O23 - Service: system - Unknown owner - C:\WINDOWS\system.exe
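The two logs above contain several of the textbook indicators this thread is about: Run entries whose file names imitate Windows binaries (a WINLOGON.EXE in C:\WINDOWS rather than system32, SVCH0ST.EXE spelled with a zero) and a hosts file that pins a dozen domains to one address. The following Python script is added here as an illustration and is not part of the thread or of HijackThis; it parses a handful of lines copied from the log above and flags those two patterns. The SYSTEM_BINARIES table, the lookalike mapping and the check logic are my own assumptions, not anything the tool itself does.

```python
import re
from collections import defaultdict
# Constructed sample: lines copied from the HijackThis log posted in this thread
# (the RavTask and ctfmon entries are the benign ones, kept for contrast).
SAMPLE_LOG = """\
O1 - Hosts: 61.188.38.64 www.gamezt.com.cn
O1 - Hosts: 61.188.38.64 upd.etsoft.com.cn
O1 - Hosts: 61.188.38.64 www.13511.com
O4 - HKLM\\..\\Run: [RavTask] "C:\\Program Files\\Rising\\Rav\\RavTask.exe" -system
O4 - HKLM\\..\\Run: [Net] rem C:\\WINDOWS\\system32\\SVCH0ST.EXE
O4 - HKLM\\..\\Run: [Torjan Program] C:\\WINDOWS\\WINLOGON.EXE
O4 - HKLM\\..\\Run: [Tray] C:\\WINDOWS\\command\\rundll32.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

# Assumed table: system binaries malware likes to imitate, and the directory each lives in.
SYSTEM_BINARIES = {"winlogon.exe": "system32", "svchost.exe": "system32",
                   "lsass.exe": "system32", "rundll32.exe": "system32",
                   "ctfmon.exe": "system32"}
LOOKALIKE = str.maketrans({"0": "o", "1": "l"})  # undo digit-for-letter spoofing

# O4: [name], optional "rem " (a disabling prefix present in this log), then the command,
# quoted or bare.  O1: the IP followed by the host name it overrides.
O4_RE = re.compile(r'^O4 - .*?: \[(?P<name>[^\]]*)\] (?:rem )?(?:"(?P<q>[^"]+)"|(?P<u>\S+))')
O1_RE = re.compile(r'^O1 - Hosts: (?P<ip>\d+\.\d+\.\d+\.\d+) (?P<host>\S+)')

def check_autorun(command):
    """Return a reason string if the command imitates a system binary, else None."""
    parts = command.lower().split("\\")
    exe, parent = parts[-1], (parts[-2] if len(parts) > 1 else "")
    real = exe.translate(LOOKALIKE)                # SVCH0ST.EXE -> svchost.exe
    if real not in SYSTEM_BINARIES:
        return None
    if real != exe:
        return f"lookalike name {exe} for {real}"
    if parent != SYSTEM_BINARIES[real]:
        return f"{exe} outside \\{SYSTEM_BINARIES[real]}"
    return None

def analyse(log):
    """Flag masquerading autoruns and hosts entries that pin several domains to one IP."""
    flagged, hosts = [], defaultdict(list)
    for line in log.splitlines():
        if m := O4_RE.match(line):
            if reason := check_autorun(m["q"] or m["u"]):
                flagged.append((m["name"], reason))
        elif m := O1_RE.match(line):
            hosts[m["ip"]].append(m["host"])
    pivots = {ip: h for ip, h in hosts.items() if len(h) > 1 and not ip.startswith("127.")}
    return {"autoruns": flagged, "hosts_pivots": pivots}
```

Run on the sample it reports the Net, Torjan Program and Tray entries and the single address behind all three hosts lines, while the genuine RavTask and ctfmon entries pass.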

Also, Rising has been disabled and no longer starts; there is no icon in the bottom-right corner. How do I fix this?

Friend, our situations are about the same. It was the people here who told me, and only then did I know it was a virus. Take a look at the replies others gave me, for reference. They are all kind people. Study hard and learn from the lesson.

Heh, you have so much rogue software on there.

My computer also has this virus, Backdoor.Gpigeon.2006.zk and Backdoor.Gpigeon.2006.re. The .re one did not come back after I killed it, but Backdoor.Gpigeon.2006.zk is still there after a reboot even though I killed it. It's driving me crazy! Following what is said online, I searched for the _hook.dll file in safe mode but did not find it, and I did not find the registry entries mentioned online either. Have these all become variants? Is there any way to kill it? Also, in the firewall -> System Status -> svchost.exe -> UDP there is an entry "Local 0.0.0.0 1042 [Bla trojan]".

I'm going crazy. Yesterday there was only one; today I came home from work meaning to kill it, and when I checked there were seven. What do I do? Can any expert give me some pointers? Thank you!

Brother in post #4, where is your thread? Send a link so I can have a look.

Quote:
[森林小子11's post] I'm going crazy. Yesterday there was only one; today I came home from work meaning to kill it, and when I checked there were seven. What do I do? Can any expert give me some pointers? Thank you!
………………

OP, do you know how many people saw your thread when yanmings sent the link to our QQ group, including me, mopery and 魔法学徒, the former moderator of the anti-browser-hijacking forum?! Nobody dared to take it on.
After discussion, it was decided that mopery would list the entire manual removal procedure step by step. The hardest part, posts #11 to #13, is quoted from moderator baohe's original thread in this section. For completeness, no dedicated removal tool was used for the Luoxue (落雪) trojan.
Because a HijackThis log has its limitations and the real situation may be more complicated, after the treatment below we still need to wait for the OP's SREng log before finishing.

Bookmarked; this really is a rare one.

If our members do not treat viruses with "prevention first", a situation even worse than the OP's is entirely possible.